```html
<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Spring MVC跨域请求(CORS)处理指南 | 技术小馆</title>
    <link href="https://cdn.staticfile.org/font-awesome/6.4.0/css/all.min.css" rel="stylesheet">
    <link href="https://cdn.staticfile.org/tailwindcss/2.2.19/tailwind.min.css" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css2?family=Noto+Serif+SC:wght@400;500;600;700&family=Noto+Sans+SC:wght@300;400;500;700&display=swap" rel="stylesheet">
    <style>
        body {
            font-family: 'Noto Sans SC', Tahoma, Arial, Roboto, "Droid Sans", "Helvetica Neue", "Droid Sans Fallback", "Heiti SC", "Hiragino Sans GB", Simsun, sans-serif;
            line-height: 1.8;
            color: #333;
        }
        .hero-gradient {
            background: linear-gradient(135deg, #6e8efb 0%, #a777e3 100%);
        }
        .code-block {
            background: #2d2d2d;
            border-left: 4px solid #a777e3;
        }
        .highlight-box {
            background: rgba(167, 119, 227, 0.1);
            border-left: 4px solid #a777e3;
        }
        .hover-scale {
            transition: transform 0.3s ease, box-shadow 0.3s ease;
        }
        .hover-scale:hover {
            transform: translateY(-5px);
            box-shadow: 0 10px 25px rgba(0, 0, 0, 0.1);
        }
        .mermaid-tooltip {
            background: white;
            padding: 8px 12px;
            border-radius: 4px;
            box-shadow: 0 2px 10px rgba(0,0,0,0.1);
            font-size: 14px;
        }
    </style>
</head>
<body class="bg-gray-50">
    <!-- Hero Section -->
    <section class="hero-gradient text-white py-20 px-4 md:px-0">
        <div class="container mx-auto max-w-6xl px-4">
            <div class="flex flex-col md:flex-row items-center">
                <div class="md:w-1/2 mb-10 md:mb-0">
                    <h1 class="text-4xl md:text-5xl font-bold mb-4 font-serif">Spring MVC跨域请求处理指南</h1>
                    <p class="text-xl mb-8 opacity-90">掌握CORS机制，构建安全高效的前后端分离应用</p>
                    <div class="flex flex-wrap gap-4">
                        <a href="#cors-principle" class="bg-white text-purple-700 hover:bg-purple-100 px-6 py-3 rounded-lg font-medium transition duration-300">
                            <i class="fas fa-lightbulb mr-2"></i>跨域原理
                        </a>
                        <a href="#solutions" class="border-2 border-white text-white hover:bg-white hover:text-purple-700 px-6 py-3 rounded-lg font-medium transition duration-300">
                            <i class="fas fa-code mr-2"></i>解决方案
                        </a>
                    </div>
                </div>
                <div class="md:w-1/2">
                    <div class="bg-white/20 backdrop-blur-sm rounded-2xl p-6 shadow-lg max-w-md mx-auto">
                        <div class="flex items-center mb-4">
                            <div class="bg-white rounded-full w-12 h-12 flex items-center justify-center text-purple-700 mr-3">
                                <i class="fas fa-lock-open text-2xl"></i>
                            </div>
                            <h3 class="text-xl font-bold">CORS关键特性</h3>
                        </div>
                        <ul class="space-y-3">
                            <li class="flex items-start">
                                <i class="fas fa-check-circle mt-1 mr-2 text-green-200"></i>
                                <span>解决浏览器同源策略限制</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle mt-1 mr-2 text-green-200"></i>
                                <span>通过HTTP头部控制访问权限</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle mt-1 mr-2 text-green-200"></i>
                                <span>支持简单请求与预检请求</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle mt-1 mr-2 text-green-200"></i>
                                <span>可配置细粒度的访问控制</span>
                            </li>
                        </ul>
                    </div>
                </div>
            </div>
        </div>
    </section>

    <!-- Main Content -->
    <main class="container mx-auto max-w-6xl px-4 py-12">
        <!-- CORS Principle -->
        <section id="cors-principle" class="mb-20 scroll-mt-20">
            <div class="flex items-center mb-8">
                <div class="bg-purple-100 text-purple-700 w-10 h-10 rounded-full flex items-center justify-center mr-4">
                    <i class="fas fa-lightbulb"></i>
                </div>
                <h2 class="text-3xl font-bold font-serif">跨域请求的原理</h2>
            </div>
            
            <div class="grid md:grid-cols-2 gap-8 mb-12">
                <div class="bg-white p-6 rounded-xl shadow-md hover-scale">
                    <div class="flex items-center mb-4">
                        <div class="bg-purple-100 text-purple-700 w-8 h-8 rounded-full flex items-center justify-center mr-3">
                            <i class="fas fa-info-circle"></i>
                        </div>
                        <h3 class="text-xl font-semibold">CORS工作机制</h3>
                    </div>
                    <p class="mb-4">CORS通过设置HTTP响应头来告诉浏览器，允许哪些域可以访问资源。常用的CORS响应头包括：</p>
                    <ul class="space-y-2 text-gray-700">
                        <li><code class="bg-purple-100 px-2 py-1 rounded">Access-Control-Allow-Origin</code>: 指定允许访问资源的源</li>
                        <li><code class="bg-purple-100 px-2 py-1 rounded">Access-Control-Allow-Methods</code>: 指定允许的HTTP方法</li>
                        <li><code class="bg-purple-100 px-2 py-1 rounded">Access-Control-Allow-Headers</code>: 指定允许的自定义请求头</li>
                        <li><code class="bg-purple-100 px-2 py-1 rounded">Access-Control-Allow-Credentials</code>: 是否允许携带认证信息</li>
                        <li><code class="bg-purple-100 px-2 py-1 rounded">Access-Control-Max-Age</code>: 预检请求的缓存时间</li>
                    </ul>
                </div>
                
                <div class="bg-white p-6 rounded-xl shadow-md hover-scale">
                    <div class="flex items-center mb-4">
                        <div class="bg-blue-100 text-blue-700 w-8 h-8 rounded-full flex items-center justify-center mr-3">
                            <i class="fas fa-exchange-alt"></i>
                        </div>
                        <h3 class="text-xl font-semibold">请求类型对比</h3>
                    </div>
                    <div class="overflow-x-auto">
                        <table class="min-w-full divide-y divide-gray-200">
                            <thead class="bg-gray-50">
                                <tr>
                                    <th class="px-4 py-2 text-left text-sm font-medium text-gray-500">类型</th>
                                    <th class="px-4 py-2 text-left text-sm font-medium text-gray-500">示例</th>
                                    <th class="px-4 py-2 text-left text-sm font-medium text-gray-500">特点</th>
                                </tr>
                            </thead>
                            <tbody class="bg-white divide-y divide-gray-200">
                                <tr>
                                    <td class="px-4 py-2 text-sm">简单请求</td>
                                    <td class="px-4 py-2 text-sm">GET, POST (标准Content-Type)</td>
                                    <td class="px-4 py-2 text-sm">不触发预检请求</td>
                                </tr>
                                <tr>
                                    <td class="px-4 py-2 text-sm">复杂请求</td>
                                    <td class="px-4 py-2 text-sm">PUT, DELETE, 自定义头部的POST</td>
                                    <td class="px-4 py-2 text-sm">会触发OPTIONS预检请求</td>
                                </tr>
                            </tbody>
                        </table>
                    </div>
                </div>
            </div>

            <!-- Visualization -->
            <div class="bg-white rounded-xl shadow-md p-6 mb-8 hover-scale">
                <h3 class="text-xl font-semibold mb-4 flex items-center">
                    <i class="fas fa-project-diagram text-purple-600 mr-2"></i>
                    CORS请求流程可视化
                </h3>
                <div class="mermaid">
                    sequenceDiagram
                        participant Browser
                        participant Server
                        Browser->>Server: 发送OPTIONS预检请求 (复杂请求)
                        Server-->>Browser: 返回CORS头部 (允许的方法/来源/头)
                        Browser->>Server: 发送实际请求 (GET/POST等)
                        Server-->>Browser: 返回数据 + CORS头部
                </div>
            </div>

            <div class="highlight-box p-6 rounded-lg mb-8">
                <div class="flex items-start">
                    <div class="text-purple-600 mr-3 mt-1">
                        <i class="fas fa-exclamation-circle"></i>
                    </div>
                    <div>
                        <h4 class="font-semibold mb-2">安全注意事项</h4>
                        <p>在生产环境中，建议只允许特定的域名，而不是使用<code class="bg-purple-100 px-1 py-0.5 rounded">*</code>通配符，特别是在涉及凭证和敏感数据的情况下。当<code class="bg-purple-100 px-1 py-0.5 rounded">allowCredentials</code>设置为<code class="bg-purple-100 px-1 py-0.5 rounded">true</code>时，<code class="bg-purple-100 px-1 py-0.5 rounded">Access-Control-Allow-Origin</code>不能设置为<code class="bg-purple-100 px-1 py-0.5 rounded">*</code>，必须指定具体的域名。</p>
                    </div>
                </div>
            </div>
        </section>

        <!-- Solutions -->
        <section id="solutions" class="mb-20 scroll-mt-20">
            <div class="flex items-center mb-8">
                <div class="bg-blue-100 text-blue-700 w-10 h-10 rounded-full flex items-center justify-center mr-4">
                    <i class="fas fa-code"></i>
                </div>
                <h2 class="text-3xl font-bold font-serif">Spring MVC中的CORS解决方案</h2>
            </div>

            <div class="grid md:grid-cols-2 gap-8 mb-12">
                <!-- 局部跨域 -->
                <div class="bg-white p-6 rounded-xl shadow-md hover-scale">
                    <div class="flex items-center mb-4">
                        <div class="bg-green-100 text-green-700 w-8 h-8 rounded-full flex items-center justify-center mr-3">
                            <i class="fas fa-puzzle-piece"></i>
                        </div>
                        <h3 class="text-xl font-semibold">局部跨域处理</h3>
                    </div>
                    <p class="mb-4">通过<code class="bg-gray-100 px-1 py-0.5 rounded">@CrossOrigin</code>注解为特定的控制器或方法设置跨域规则：</p>
                    
                    <div class="code-block rounded-lg p-4 mb-4 overflow-x-auto">
                        <pre class="text-gray-200"><code>@RestController
@RequestMapping("/api")
public class MyController {

    @CrossOrigin(origins = "http://example.com", 
                allowedHeaders = "*", 
                methods = {RequestMethod.GET, RequestMethod.POST})
    @GetMapping("/data")
    public ResponseEntity&lt;String&gt; getData() {
        return ResponseEntity.ok("CORS enabled data");
    }
}</code></pre>
                    </div>
                    
                    <div class="bg-yellow-50 border-l-4 border-yellow-400 p-4 rounded-r">
                        <div class="flex items-start">
                            <div class="text-yellow-600 mr-2 mt-1">
                                <i class="fas fa-exclamation-triangle"></i>
                            </div>
                            <div>
                                <p class="text-sm">这种方法只适用于单个控制器或方法的跨域需求，如果需要在多个地方使用跨域设置，建议使用全局配置。</p>
                            </div>
                        </div>
                    </div>
                </div>
                
                <!-- 全局跨域 -->
                <div class="bg-white p-6 rounded-xl shadow-md hover-scale">
                    <div class="flex items-center mb-4">
                        <div class="bg-orange-100 text-orange-700 w-8 h-8 rounded-full flex items-center justify-center mr-3">
                            <i class="fas fa-globe"></i>
                        </div>
                        <h3 class="text-xl font-semibold">全局跨域处理</h3>
                    </div>
                    <p class="mb-4">通过实现<code class="bg-gray-100 px-1 py-0.5 rounded">WebMvcConfigurer</code>接口配置全局CORS规则：</p>
                    
                    <div class="code-block rounded-lg p-4 mb-4 overflow-x-auto">
                        <pre class="text-gray-200"><code>@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
            .allowedOrigins("http://example.com", "http://another-domain.com")
            .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
            .allowedHeaders("*")
            .allowCredentials(true)
            .maxAge(3600);
    }
}</code></pre>
                    </div>
                    
                    <div class="bg-blue-50 border-l-4 border-blue-400 p-4 rounded-r">
                        <h4 class="font-medium mb-2">配置项说明：</h4>
                        <ul class="text-sm space-y-1">
                            <li><code class="bg-blue-100 px-1 py-0.5 rounded">addMapping("/**")</code>: 对所有路径启用跨域</li>
                            <li><code class="bg-blue-100 px-1 py-0.5 rounded">allowedOrigins()</code>: 允许的跨域来源</li>
                            <li><code class="bg-blue-100 px-1 py-0.5 rounded">allowedMethods()</code>: 允许的HTTP方法</li>
                            <li><code class="bg-blue-100 px-1 py-0.5 rounded">allowCredentials(true)</code>: 允许携带凭证</li>
                            <li><code class="bg-blue-100 px-1 py-0.5 rounded">maxAge(3600)</code>: 预检请求缓存时间(秒)</li>
                        </ul>
                    </div>
                </div>
            </div>
            
            <!-- Spring Security 集成 -->
            <div class="bg-white rounded-xl shadow-md p-6 mb-8 hover-scale">
                <div class="flex items-center mb-4">
                    <div class="bg-red-100 text-red-700 w-8 h-8 rounded-full flex items-center justify-center mr-3">
                        <i class="fas fa-shield-alt"></i>
                    </div>
                    <h3 class="text-xl font-semibold">与Spring Security集成</h3>
                </div>
                
                <p class="mb-4">如果项目中集成了Spring Security，需要确保跨域设置不会被覆盖：</p>
                
                <div class="code-block rounded-lg p-4 mb-4 overflow-x-auto">
                    <pre class="text-gray-200"><code>@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
            .authorizeRequests()
            .anyRequest().authenticated();
        return http.build();
    }
}</code></pre>
                </div>
                
                <div class="flex items-start bg-gray-50 p-4 rounded-lg">
                    <div class="text-gray-600 mr-3 mt-1">
                        <i class="fas fa-info-circle"></i>
                    </div>
                    <div>
                        <p class="text-sm">通过调用<code class="bg-gray-200 px-1 py-0.5 rounded">http.cors()</code>来启用Spring Security对Spring MVC跨域配置的支持。注意处理CSRF保护与CORS的兼容性问题。</p>
                    </div>
                </div>
            </div>
            
            <!-- 错误处理 -->
            <div class="bg-white rounded-xl shadow-md p-6 hover-scale">
                <div class="flex items-center mb-4">
                    <div class="bg-purple-100 text-purple-700 w-8 h-8 rounded-full flex items-center justify-center mr-3">
                        <i class="fas fa-bug"></i>
                    </div>
                    <h3 class="text-xl font-semibold">常见问题排查</h3>
                </div>
                
                <div class="space-y-4">
                    <div class="flex items-start">
                        <div class="text-red-500 mr-3 mt-1">
                            <i class="fas fa-times-circle"></i>
                        </div>
                        <div>
                            <h4 class="font-medium">错误：No 'Access-Control-Allow-Origin' header</h4>
                            <p class="text-sm text-gray-600">通常表示服务器未正确返回跨域的响应头。检查跨域配置，并确保服务器返回的头信息正确。</p>
                        </div>
                    </div>
                    
                    <div class="flex items-start">
                        <div class="text-red-500 mr-3 mt-1">
                            <i class="fas fa-times-circle"></i>
                        </div>
                        <div>
                            <h4 class="font-medium">错误：CORS preflight channel didn't succeed</h4>
                            <p class="text-sm text-gray-600">预检请求失败，检查服务器是否正确响应OPTIONS请求，并返回适当的CORS头部。</p>
                        </div>
                    </div>
                    
                    <div class="flex items-start">
                        <div class="text-red-500 mr-3 mt-1">
                            <i class="fas fa-times-circle"></i>
                        </div>
                        <div>
                            <h4 class="font-medium">错误：Credentials flag is true, but Access-Control-Allow-Credentials is not true</h4>
                            <p class="text-sm text-gray-600">前端设置了withCredentials=true，但服务器未返回Access-Control-Allow-Credentials: true响应头。</p>
                        </div>
                    </div>
                </div>
            </div>
        </section>
        
        <!-- Summary Card -->
        <section class="mb-12">
            <div class="bg-gradient-to-r from-purple-600 to-blue-600 text-white rounded-xl shadow-lg p-8 hover-scale">
                <div class="flex flex-col md:flex-row items-center">
                    <div class="md:w-2/3 mb-6 md:mb-0">
                        <h3 class="text-2xl font-bold mb-4">掌握CORS配置的关键要点</h3>
                        <ul class="space-y-2">
                            <li class="flex items-start">
                                <i class="fas fa-check-circle mt-1 mr-2"></i>
                                <span>根据需求选择局部(<code class="bg-white/20 px-1.5 py-0.5 rounded">@CrossOrigin</code>)或全局配置</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle mt-1 mr-2"></i>
                                <span>生产环境中避免使用<code class="bg-white/20 px-1.5 py-0.5 rounded">*</code>通配符，指定明确的源</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle mt-1 mr-2"></i>
                                <span>注意带凭证请求的特殊配置要求</span>
                            </li>
                            <li class="flex items-start">
                                <i class="fas fa-check-circle mt-1 mr-2"></i>
                                <span>与Spring Security集成时确保CORS配置不被覆盖</span>
                            </li>
                        </ul>
                    </div>
                    <div class="md:w-1/3 flex justify-center">
                        <div class="bg-white/20 backdrop-blur-sm rounded-full w-40 h-40 flex items-center justify-center">
                            <i class="fas fa-unlock-alt text-5xl"></i>
                        </div>
                    </div>
                </div>
            </div>
        </section>
    </main>

    <!-- Footer -->
    <footer class="bg-gray-900 text-gray-300 py-8 px-4">
        <div class="container mx-auto max-w-6xl px-4">
            <div class="flex flex-col md:flex-row justify-between items-center">
                <div class="mb-4 md:mb-0">
                    <h3 class="text-xl font-bold text-white mb-2">技术小馆</h3>
                    <p class="text-sm">专注于分享前沿技术知识与最佳实践</p>
                </div>
                <div>
                    <a href="http://www.yuque.com/jtostring" class="text-white hover:text-purple-300 transition duration-300 flex items-center">
                        <i class="fas fa-external-link-alt mr-2"></i>
                        访问技术小馆语雀主页
                    </a>
                </div>
            </div>
            <div class="border-t border-gray-700 mt-8 pt-8 text-sm text-center text-gray-500">
                &copy; 2023 技术小馆. 保留所有权利.
            </div>
        </div>
    </footer>

    <!-- Mermaid.js -->
    <script src="https://cdn.jsdelivr.net/npm/mermaid@latest/dist/mermaid.min.js"></script>
    <script>
        mermaid.initialize({
            startOnLoad: true,
            theme: 'default',
            flowchart: {
                useMaxWidth: false,
                htmlLabels: true,
                curve: 'basis'
            },
            securityLevel: 'loose'
        });
        
        // 平滑滚动
        document.querySelectorAll('a[href^="#"]').forEach(anchor => {
            anchor.addEventListener('click', function(e) {
                e.preventDefault();
                const target = document.querySelector(this.getAttribute('href'));
                if (target) {
                    window.scrollTo({
                        top: target.offsetTop - 20,
                        behavior: 'smooth'
                    });
                }
            });
        });
    </script>
</body>
</html>
```